Our Client

Leading Fintech Company based in UAE

Your Responsibilities

Operate as the primary support to the Head of Information Security (UAE) to deliver the information security program for UAE covering governance, risk and compliance areas.
Maintain the client's information security policies, standards, guidelines and procedures in line with Group CISO standards to ensure information security risks are appropriately managed.
Own all aspects of the delivery of certification audits to ensure the client remains successfully certified against PCI DSS, ISO 27001, ISAE 3402 and NESA requirements.
Ensure other information security compliance requirements are met for client, scheme and local regulatory requirements in consultation with the Legal and Regulatory team.
Conduct periodic risk assessments. Record, maintain and track information security risk registers. Implement controls for the execution of risk treatment plans and update the risk register.
Develop, track and report KPIs and KRIs for UAE information security and report risk posture as directed by the Group CISO through the Head of Information Security UAE.
Represent information security during IT Change Management processes, including emergency change management meetings, to identify risks and ensure compliance with information security requirements.
Be part of new technology and business initiatives and reviews, and provide information security SME consultation and advice to ensure compliance with the various information security requirements.
Communicate to management on a regular basis on compliance status and any issues related to meeting the business compliance commitments.
Review information security exceptions and highlight the risks associated with each exception to the relevant audience so that sound risk-based decisions can be made following the risk management frameworks.
Manage the delivery of information security projects to meet the client's information security strategies and goals.
Be part of the security incident response group as required for managing / coordinating relevant investigations, including data leaks, compromises, etc.
Prepare and maintain information security dashboards and reports on a periodic basis.

Third Party Risk Management

Work with the Group CISO and Head of Procurement to develop and implement a third-party information security governance and risk management framework to identify, evaluate, remediate and track complex business and technology risks introduced through third parties.
Support the creation of relevant policies and procedures that support the successful implementation and maintenance of third party risk management operating models.
Create and maintain third party risk registers for the UAE as per the risk management program. Track issues for closure and highlight them at the relevant platforms.
Participate in the new third party engagement due diligence process, ensure information security risk is kept at acceptable levels, and highlight risks as appropriate.
Identify and suggest technology enhancements to support third-party risk management processes.
Conduct periodic formal end-to-end third party risk assessments on existing third parties through various modes, including onsite visits. Document each risk assessment in a formal report, including any identified deficiencies in the third party's information security program.
Assess remediation plans and non-compliance acceptances where compliance with information security standards cannot be achieved.
Represent the client during any third party audits/reviews (from clients) in the information security area, and respond to client questionnaires as required.
Serve as a subject matter expert and process ambassador for TPRM-related processes, procedures and workflows.
Partner with other internal teams such as the business team, operating units, IT, Legal, HR and Enterprise Risk to ensure that risks are clearly articulated in a manner that is understood by business and technology audiences.
Actively participate in and provide inputs to management decision making by broadly analyzing and mapping the impact of current decisions on identified third party risks.

Your Qualifications

8 to 10 years of experience in managing information security GRC in large, technologically complex, leading banking, financial or payment service provider institutions.
Sound experience in managing end-to-end third party risk management reviews and audits. Experience with multinational audit firms is an advantage.
Strong hands-on experience in managing and maintaining PCI DSS certifications in large PCI DSS compliance environments would be beneficial.
Strong experience in certification and compliance maintenance for ISO 27001, ISAE 3402, NESA and other legal and regulatory requirements.
Bachelor's degree, preferably in an IT discipline. A postgraduate degree will be an added advantage.
Certifications such as CISA, CISM, CISSP, CRISC, PCI DSS, ISO 27001, etc.
Excellent verbal and written English communication skills. Must be able to present and articulate complex information security risks to technical and non-technical audiences in a simple manner.

Halian Group

With over 20 years of experience, we have come to understand that innovation is the only way to provide agile, practical solutions that transform businesses and careers. Our resourcing and smart services help you to realize tomorrow's potential.
Discover the amazing things possible when you bring the right people and the right technologies together.